250 likes | 437 Views
Chapter 21. Public-Key Cryptography and Message Authentication. Secure Hash Functions. Secure Hash Algorithm (SHA). SHA was originally developed by NIST published as FIPS 180 in 1993 was revised in 1995 as SHA-1 produces 160-bit hash values NIST issued revised FIPS 180-2 in 2002
E N D
Chapter 21 Public-Key Cryptography and Message Authentication
Secure Hash Algorithm(SHA) • SHA was originally developed by NIST • published as FIPS 180 in 1993 • was revised in 1995 as SHA-1 • produces 160-bit hash values • NIST issued revised FIPS 180-2 in 2002 • adds 3 additional versions of SHA • SHA-256, SHA-384, SHA-512 • with 256/384/512-bit hash values • same basic structure as SHA-1 but greater security • in 2005 NIST announced the intention to phase out approval of SHA-1 and move to a reliance on the other SHA versions by 2010
SHA-3 • SHA-1 considered insecure and has been phased out for SHA-2 • SHA-2 shares same structure and mathematical operations as its predecessors and causes concern • due to time required to replace SHA-2 should it become vulnerable, NIST announced in 2007 a competition to produce SHA-3
SHA-3 Evaluation Criteria • designed to reflect requirements for the main applications supported by SHA-2 • digital signatures, hashed message authentication codes, key generation, and pseudorandom number generation • security • strength should be close to the theoretical maximum for the different required hash sizes and for both preimage resistance and collision resistance • must be designed to resist any potentially successful attack on SHA-2 functions • cost • should be both time and memory efficient over a range of hardware platforms • algorithm and implementation characteristics • consideration will be given to characteristics such as flexibility and simplicity • NIST plans to select the SHA-3 winner by late 2012
HMAC • has been interest in developing a MAC derived from a cryptographic hash code • cryptographic hash functions generally execute faster • library code is widely available • SHA-1 was not deigned for use as a MAC because it does not rely on a secret key • issued as RFC2014 • has been chosen as the mandatory-to-implement MAC for IP security • used in other Internet protocols such as Transport Layer Security (TLS) and Secure Electronic Transaction (SET)
Security of HMAC • security depends on the cryptographic strength of the underlying hash function • for a given level of effort on messages generated by a legitimate user and seen by the attacker, the probability of successful attack on HMAC is equivalent to one of the following attacks on the embedded hash function: • either attacker computes output even with random secret IV • brute force key O(2n), or use birthday attack • or attacker finds collisions in hash function even when IV is random and secret • ie. find M and M' such that H(M) = H(M') • birthday attack O( 2n/2) • MD5 secure in HMAC since only observe
RSA Public-Key Encryption • by Rivest, Shamir & Adleman of MIT in 1977 • best known and widely used public-key algorithm • uses exponentiation of integers modulo a prime • encrypt: C = Me mod n • decrypt: M = Cd mod n = (Me)d mod n = M • both sender and receiver know values of n and e • only receiver knows value of d • public-key encryption algorithm with • public key PU = {e, n} and private key PR = {d, n}.
Diffie-Hellman Key Exchange • first published public-key algorithm • by Diffie and Hellman in 1976 along with the exposition of public key concepts • used in a number of commercial products • practical method to exchange a secret key securely that can then be used for subsequent encryption of messages • security relies on difficulty of computing discrete logarithms
Man-in-the-Middle Attack • attack is: • Darth generates private keys XD1 & XD2, and their public keys YD1 & YD2 • Alice transmits YA to Bob • Darth intercepts YA and transmits YD1 to Bob. Darth also calculates K2 • Bob receives YD1 and calculates K1 • Bob transmits XA to Alice • Darth intercepts XA and transmits YD2 to Alice. Darth calculates K1 • Alice receives YD2 and calculates K2 • all subsequent communications compromised
Other Public-Key Algorithms Digital Signature Standard (DSS) Elliptic-Curve Cryptography (ECC) equal security for smaller bit size than RSA seen in standards such as IEEE P1363 confidence level in ECC is not yet as high as that in RSA based on a mathematical construct known as the elliptic curve • FIPS PUB 186 • makes use of SHA-1 and the Digital Signature Algorithm (DSA) • originally proposed in 1991, revised in 1993 due to security concerns, and another minor revision in 1996 • cannot be used for encryption or key exchange • uses an algorithm that is designed to provide only the digital signature function
Summary • secure hash functions • simple hash functions • SHA secure hash function • SHA-3 • HMAC • HMAC design objectives • HMAC algorithm • security of HMAC • RSA public-key encryption algorithm • description of the algorithm • security of RSA • Diffie-Hellman key exchange • elliptic-curve cryptography